|
297601
|
- |
|
ajax_search_project
|
ajax_search
|
SQL injection vulnerability in the "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin before 1.3 for WordPress allows remote attackers to e…
|
CWE-89
SQL Injection
|
CVE-2012-5853
|
2024-11-21 10:45 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297602
|
- |
|
dotproject
|
dotproject
|
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action,…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5702
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297603
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
The btinstall installation script in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 uses weak permissions (777) for all files in the frameworkgui/ directory, which allows local users t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5697
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297604
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not properly restrict access to frameworkgui/config, which allows remote attackers to obtain the plaintext database password via a d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5696
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297605
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allow remote attackers to hijack the authentication of administrator…
|
CWE-352
Origin Validation Error
|
CVE-2012-5695
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297606
|
- |
|
bulbsecurity
|
smartphone_pentest_framework
|
Multiple SQL injection vulnerabilities in Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allow remote attackers to execute arbitrary SQL commands via the (1) agentPhNo, (2) controlPhNo…
|
CWE-89
SQL Injection
|
CVE-2012-5694
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297607
|
- |
|
achievo
|
achievo
|
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5866
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297608
|
- |
|
achievo
|
achievo
|
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
|
CWE-89
SQL Injection
|
CVE-2012-5865
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297609
|
- |
|
dotproject
|
dotproject
|
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a con…
|
CWE-352
CWE-89
Origin Validation Error
SQL Injection
|
CVE-2012-5701
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297610
|
- |
|
bcron_project
|
bcron_exec
|
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6110
|
2024-11-21 10:45 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
